Overview
Recently, NSFOCUS CERT found that Google officially fixed a zero-day exploit (CVE-2023-5217), which was caused by the heap buffer overflow in the VP8 encoding of the open source libvpx video codec library. An attacker could use this vulnerability to execute arbitrary code on the target system. At present, this vulnerability has been exploited in the wild. Please take measures to protect the affected users as soon as possible.
In addition, Google has also fixed two post release reuse vulnerabilities (CVE-2023-5186/CVE-2023-5187), which attackers can exploit to achieve unauthorized access to the target system.
Reference link: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Scope of Impact
Affected version
Mitigation
Official upgrade
Currently, the official security version has been released to fix this vulnerability. It is recommended that affected users upgrade their protection in a timely manner: https://www.google.com/chrome/
Manual upgrade
Check for updates in the Chrome menu bar and restart after the update.
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this ..
Support the originator by clicking the read the rest link below.